Archives

Today is the beginning of the 90-day attestation period for Meaningful Use in 2013 which can be reported by February of 2014. Are you ready? If you are an eligible medical provider, you could qualify for incentive payments for Meaningful Use but not if you miss the deadline. To get started, I’ve put together a couple of tips that will help you achieve this goal.

Start reviewing your data now.

Make sure you have your MU Core and Menu data collecting correctly by reviewing your dashboards for Numerators and Denominators that meet the criteria for attestation.

Review your dashboards for clinical quality measures for reporting.

Everyone I work with knows that I am continually reminding anyone who has or is attesting to Meaningful Use that you can’t just attest that you’ve met the criteria of each measure – you must actually do what you say you’ve done – and most importantly be able to prove that you have met that criteria. To that end, here are some facts you’ll want to consider. You may have seen these warnings from me before but they are worth repeating.

If you’re attesting to Meaningful Use Core Measure #15 – Conduct a Security Risk Assessment on your EHR system – you must actually complete the Security Risk Assessment. If you haven’t completed it, then DO NOT attest.

It’s not enough to just conduct the Security Risk Assessment; you must also identify potential risks and create a plan for mitigating those risks.

Addressing risks is not a ”one time and you’re done” project. It is an evergreen project. You must continually assess your EHR and systems that use or access ePHI to identify potential future points of risk. Have a plan in place for continuous review, maintenance and corrective action.

Have your Security Risk findings been incorporated into your HIPAA Compliance Manual? If not, then the intent of Core Measure #15 and most importantly the Omnibus Rule, has not been fully completed. Update your policy manual with your Security Risk Assessment findings and corrective actions. Be sure to include in your plan a continuous review timeframe. A fully documented HIPAA Security Compliance Manual is one of your best defenses in the event of an audit. A fully documented compliance manual addresses both HIPAA Privacy and HIPAA Security Policies and Procedures.

Finally, DO NOT attest (Did I say that already?) if you haven’t conducted a thorough and effective Security Risk Assessment and gone the extra steps to incorporate the findings into your policies. Plain and simple. You could be committing fraud and open your practice to potential corrective action costs and/or fines. Click here for Security Checklist.

As always, I am available to help you check this list of Meaningful Use attestation criteria off your list of things to do. Check out the links to helpful resources that I’ve included above and for more personalized help, you can contact me at info@practicemanagersolutions.com .

Comments

I want to thank everyone who participated in our survey in February. We received some excellent feedback about the tools and resources you’re looking for to help make your job easier. In fact, it spurred us to push up the release of a new product we had planned for 2015. It is an education program for staff that will be an ongoing compliment to the HIPAA Workforce annual training. This new product is a monthly program that will provide you with HIPAA security awareness reminders to use with your staff. It will reduce the time you spend searching for the […]

“Rebecca working with you has been such a pleasure. As you know Practice Managers are far beyond busy and getting the security policies done is so important therefore getting us out of the office to get them done in two days is the only way to do it. Not only did you make it easy for us, you got us out of our offices, provided a lovely environment to work in and we walked away accomplishing an extremely daunting task. Practice Manager Solutions is top notch. Thank you and please keep me informed if you decide to do another workshop.”